IOC Radar
IP · Medium · Signal 87/100

66.240.236.116

Location: San Diego, California, United States
ASN: AS10439 (CariNet, Inc.)
First Seen: Nov 13, 2021 (1673d ago)
Last Seen: Jun 6, 2026 (7d ago)
Reports: 41 source reports
Confidence: 87% (medium)
VirusTotal: 12/91 detections
Found in 41 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 87%
Signal Score: 87 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

170 techniques

Network Information

Country: US (United States)
Region: San Diego, California
ASN: AS10439
Organization: CariNet, Inc.

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 41
Confidence score: 87%
Category tags

Activity Timeline

1 total observation (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 87
Confidence: 87%
Reports: 41
First seen: Nov 13, 2021
Last seen: Jun 6, 2026
Geolocation: US
Country: United States
Location: San Diego, California
ASN: AS10439
Org: CariNet, Inc.
Coords: 37.7510, -97.8220
IP Category: VPN

VirusTotal

12/91 vendors flagged
13% detection rate · Jun 6, 2026

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw: Socket not responding: timed out
references: https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-redis-bruteforce-ip-list-2025-07-31/, https://jamesbrine.com.au

IOC Journey

medium
First detected 4 years ago · Last seen 7 days ago
Appeared in 41 threat reports